SB2018120604 - Multiple vulnerabilities in Apple iOS

Security Bulletin ID SB2018120604

CSH Severity

High

Patch available

YES

Number of vulnerabilities 22

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 22 vulnerabilities.

1) Type confusion (CVE-ID: CVE-2018-4303)

CWE-ID: CWE-843 - Type confusion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to type confusion in the Airport component. A local attacker can run a specially crafted application, trigger memory corruption and gain elevated privileges.

2) Memory corruption (CVE-ID: CVE-2018-4465)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in the Disk Images component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

3) Memory corruption (CVE-ID: CVE-2018-4447)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in the Kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

4) Memory corruption (CVE-ID: CVE-2018-4461)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to boundary error in the Kernel component. A local attacker can run a specially crafted application, trigger memory corruption and execute arbitrary code with kernel privileges.

Successful exploitation of the vulnerability may result in system compromise.

5) Information disclosure (CVE-ID: CVE-2018-4430)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the FaceTime component. A local attacker can trigger a state management error and access to contacts on a locked device.

6) Information disclosure (CVE-ID: CVE-2018-4446)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to an error in the File Provider component. A local attacker can run a specially crafted application and learn information about the presence of other applications on the device.

7) Denial of service (CVE-ID: CVE-2018-4460)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to cause DoS condition on the target system.

The weakness exists due to an error in the Kernel component. A local attacker can conduct DoS attack and cause the device to crash.

8) Information disclosure (CVE-ID: CVE-2018-4431)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear

The vulnerability allows a local attacker to obtain potentially sensitive information on the target system.

The weakness exists due to a boundary error in the Kernel component. A local attacker can trigger memory corruption and read kernel memory.

9) Privilege escalation (CVE-ID: CVE-2018-4435)

CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a logic issue in the Kernel component. A local attacker can run a specially crafted application and gain elevated privileges.

10) Spoofing attack (CVE-ID: CVE-2018-4429)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to conduct spoofing attack on the target system.

The weakness exists due to insufficient validation of user-supplied input in the LinkPresentation component. A remote attacker can send a specially crafted mail message and spoof UI.

11) Spoofing attack (CVE-ID: CVE-2018-4439)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to conduct spoofing attack on the target system.

The weakness exists due to insufficient validation of user-supplied input in the Safari component. A remote attacker can send a specially crafted mail message and spoof UI.

12) Security restrictions bypass (CVE-ID: CVE-2018-4436)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to bypass security restrictions on the target system.

The weakness exists due insufficient validation of certificates in the Profiles component. A local attacker can bypass security restrictions and cause an untrusted configuration profile to be incorrectly displayed as verified.

13) Spoofing attack (CVE-ID: CVE-2018-4440)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to conduct spoofing attack on the target system.

The weakness exists due to insufficient validation of user-supplied input in the Safari component. A remote attacker can trick the victim into visiting a specially crafted website, trigger state management error and spoof address bar.

14) Security restrictions bypass (CVE-ID: CVE-2018-4445)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to bypass security restrictions on the target system.

The weakness exists in the Safari component due "Clear History and Website Data" did not clear the history. A remote attacker can bypass security restrictions and prevent fully deletion of browsing history.

15) Memory corruption (CVE-ID: CVE-2018-4441)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

16) Memory corruption (CVE-ID: CVE-2018-4442)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

17) Memory corruption (CVE-ID: CVE-2018-4443)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

18) Memory corruption (CVE-ID: CVE-2018-4438)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger state management error and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

19) Memory corruption (CVE-ID: CVE-2018-4437)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

20) Memory corruption (CVE-ID: CVE-2018-4464)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The weakness exists due to boundary error in the Webkit component. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption and execute arbitrary code with elevated privileges.

Successful exploitation of the vulnerability may result in system compromise.

21) Memory corruption (CVE-ID: CVE-2018-4421)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Intel Graphics Driver component. A local attacker can run a specially crafted application and execute arbitrary code with kernel privileges.

22) Memory corruption (CVE-ID: CVE-2018-4456)

CWE-ID: CWE-119 - Memory corruption

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The weakness exists due to a boundary error in the Intel Graphics Driver component. A local attacker can run a specially crafted application and execute arbitrary code with kernel privileges.

Remediation

Install update from vendor's website.

SB2018120604 - Multiple vulnerabilities in Apple iOS

Breakdown by Severity

Description

Remediation

References

Please verify you're human